[Snort-users] When Upgrading Breaks Auto Rule Management

Eoin Miller eoin.miller at ...14586...
Thu Apr 28 12:10:22 EDT 2011


Finally got around to trying to use my oinkcode and all this automated 
razzmatazz with the new Snort 2.9.0.5 sensors I am building. I am trying 
out pulledpork with the Oinkcode that I just pulled from 
https://www.snort.org/account/oinkcode supplied in the conf, and whenever 
I try to use it, it always bombs out and gives me a 403.

# pulledpork.pl -c pulledpork.conf

Checking latest MD5 for snortrules-snapshot-2905.tar.gz....
         A 403 error occurred, please wait for the 15 minute timeout
         to expire before trying again or specify the -n runtime switch
         You may also wish to verfiy your oinkcode, tarball name, and other configuration options
         Error 403 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2905.tar.gz.md5 at /<REDACTEDFILEPATH>/pulledpork.pl line 453
         main::md5file('<REDACTEDOINKCODE>', 'snortrules-snapshot-2905.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /opt/bcs/bin/pulledpork.pl line 1758

Then it occurred to me to go to the site and check whether 2.9.0.5 rules 
are available yet for registered users; after reviewing that site and the 
Sourcefire blog, it was clear that 30 days have not passed yet. Is it 
possible to get some kind of placeholder to pull down the 2.9.0.4 
version of the rules until the 2.9.0.5 rules are available? Otherwise, if 
users roll out a new sensor within the first 30 days of a new Snort 
version being released, their VRT auto rule updating will break until 
the 30 days have expired.

-- Eoin
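
An operator-side fallback for the situation described in the post above, as an added example that is not part of the original message or of pulledpork: it picks the newest snapshot tarball a registered user can expect to fetch without probing the server, so no 403 is triggered. The function names and the release dates are constructed for illustration, and it assumes the older snapshot's rules are acceptable on the newer sensor.

```python
from datetime import date, timedelta

# Delay before registered users get rules for a new Snort version, per the post.
REG_DELAY = timedelta(days=30)


def snapshot_name(version):
    """Map '2.9.0.5' to 'snortrules-snapshot-2905.tar.gz' (format seen in the output)."""
    return "snortrules-snapshot-" + version.replace(".", "") + ".tar.gz"


def _key(version):
    # Compare versions numerically, so 2.9.0.10 sorts after 2.9.0.5.
    return tuple(int(part) for part in version.split("."))


def pick_snapshot(installed, release_dates, today):
    """Return (version, tarball) for the newest snapshot that is not newer
    than the installed Snort and whose 30-day delay has passed by 'today'.
    Returns None when no listed version qualifies."""
    usable = [
        version
        for version, released in release_dates.items()
        if _key(version) <= _key(installed) and released + REG_DELAY <= today
    ]
    if not usable:
        return None
    best = max(usable, key=_key)
    return best, snapshot_name(best)


# Constructed release dates for illustration only; replace with the real ones.
SAMPLE_RELEASES = {
    "2.9.0.4": date(2011, 2, 1),
    "2.9.0.5": date(2011, 4, 10),
}

if __name__ == "__main__":
    # On the day of the post the 2.9.0.5 delay has not expired in this sample,
    # so the 2.9.0.4 snapshot is selected instead.
    print(pick_snapshot("2.9.0.5", SAMPLE_RELEASES, date(2011, 4, 28)))
```

The returned tarball name is the value to use as the tarball name in pulledpork.conf until the delay for the installed version has passed.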




